Nikto
TIP
Nikto is an open-source web server scanner that runs comprehensive tests against web servers, checking for dangerous files, outdated server software, and other security issues.
Official Resources
Common Commands
| Task | Command |
|---|---|
| Basic scan | `nikto -h http://target.com` |
| Scan with SSL | `nikto -h https://target.com` |
| Scan a specific port | `nikto -h http://target.com -p 8080` |
| Use a specific plugin | `nikto -h http://target.com -Plugins plugin_name` |
Useful Flags
| Flag | Description |
|---|---|
| `-h` | Target host |
| `-p` | Port to use |
| `-ssl` | Force SSL mode |
| `-output` | Output file |
| `-Format` | Output format (e.g., txt, html, csv, xml) |
| `-Tuning` | Scan tuning options (e.g., `-Tuning 123bde`) |
| `-Plugins` | Specify plugins to use |
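Once a scan has been saved with `-output` and `-Format csv`, the findings still need to be deduplicated and grouped per service before anyone acts on them. The following script is an added example, not part of Nikto or of this page; it assumes Nikto's CSV layout of one finding per line with the columns host, ip, port, test id, method, uri, description and no header row (check this against your own output), and the sample lines are constructed, not real scan results.

```python
"""Parse Nikto CSV output (-Format csv) into per-service finding lists.

Added example, not Nikto project code. Assumed column layout (verify
against your own output): host, ip, port, test id, method, uri, description.
"""
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample lines in the assumed layout; ids and messages are made up.
SAMPLE_CSV = '''"10.10.10.10","10.10.10.10","80","000001","GET","/","Header X-Frame-Options is not present."
"10.10.10.10","10.10.10.10","80","000002","GET","/","Header X-Content-Type-Options is not set."
"10.10.10.10","10.10.10.10","8080","000003","GET","/admin/","Directory indexing found."
"10.10.10.10","10.10.10.10","8080","000003","GET","/admin/","Directory indexing found."
'''

COLUMNS = ("host", "ip", "port", "test_id", "method", "uri", "description")


def parse_nikto_csv(text):
    """Return one dict per finding, skipping malformed lines and exact duplicates."""
    findings, seen = [], set()
    for row in csv.reader(StringIO(text)):
        if len(row) != len(COLUMNS):
            continue  # blank, truncated or unrelated line
        key = tuple(row)
        if key in seen:
            continue  # Nikto can report the same item more than once
        seen.add(key)
        findings.append(dict(zip(COLUMNS, row)))
    return findings


def summarize_by_service(findings):
    """Group findings by host:port so each listening service is triaged on its own."""
    groups = defaultdict(list)
    for f in findings:
        groups[f"{f['host']}:{f['port']}"].append(
            f"[{f['test_id']}] {f['method']} {f['uri']} - {f['description']}"
        )
    return dict(groups)


if __name__ == "__main__":
    # Replace SAMPLE_CSV with open("nikto_results.csv").read() for a real scan.
    for service, items in summarize_by_service(parse_nikto_csv(SAMPLE_CSV)).items():
        print(service)
        for item in items:
            print("  " + item)
```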
WARNING
Always have permission before scanning a website with Nikto. Unauthorized scanning is illegal and unethical.
Resources
HTB CTF Go-To Command
A common Nikto command for web server scanning in HTB CTFs:
```bash
nikto -h http://10.10.10.10 -output nikto_results.txt
```
- `-h`: Target host (replace with the actual target IP)
- `-output`: Output results to a file
